Main menu

Posts Tagged 'Websites'

A customer called up concerned the other day after getting a dire looking warning in Firefox3 regarding a self-signed SSL certificate.

"The certificate is not trusted because it is self signed."

In that case, she was connecting to her Plesk Control Panel and she wondered if it was safe. I figured the explanation might make for a worthwhile blog entry, so here goes.

When you connect to an HTTPS website your browser and the server exchange certificate information which allows them to encrypt the communication session. The certificates can be signed in two ways: by a certificate authority or what is known as self-signed. Either case is just as good from an encryption point of view. Keys are exchanged and data gets encrypted.

So if they are equally good from an encryption point of view why would someone pay for a CA signed certificate? The answer to that comes from the second function of an SSL cert: identity.

A CA signed cert is considered superior because someone (the CA) has said "Yes, the people to whom we've sold this cert have convinced us they are who they say they are". This convincing is sometimes little more than presenting some money to the CA. What makes the browser trust a given CA? That would be its configured store of trusted root certificates. For example, in Firefox3, if you go to Options > Advanced > Encryption and select View Certificates you can see the pre-installed trusted certificates under the Authorities tab. Provided a certificate has a chain of signatures leading back to one of these Authorities then Firefox will accept that it is legitimately signed.

To make the browser completely happy a certificate has to pass the following tests:

1) Valid signature
2) The Common Name needs to match the hostname you're trying to hit
3) The certificate has to be within its valid time period

A self-signed cert can match all of those criteria, provided you configure the browser to accept it as an Authority certificate.

Back to the original question... is it safe to work with a certificate which your browser has flagged as problematic. The answer is yes, if the problem is expected, such as hitting the self-signed cert on a new Plesk installation. Where you should be concerned is if a certificate that SHOULD be good, such as your bank, is causing the browser to complain. In that case further investigation is definitely warranted. It could be just a glitch or misconfiguration. It could also be someone trying to impersonate the target site.

As a young lad growing up in Houston, Texas I was always fascinated, awed and inspired by Professional Wrestling. When I was little I wanted to be a Professional Wrestler, I even invited Hulk Hogan to every birthday that I had growing up, sadly he never showed up but that was ok because I could watch him wrestle in the WWE (WWF at the time) every weekend. As I grew older I started being able to stay up later and therefore began watching more coverage of the sports entertainment world such as ECW and WCW which were a bit more on the edgier side of programming.

WCW is where I found Ric Flair. What a fantastic persona this man has put forth - the arrogance, the superiority and the strength to back it up. Flair's vicious chest chops and figure four leg locks were legendary. This is the point in my life in my early to late teens that I began to like the bad guys (or heels to those familiar with the industry) just as much if not more so than the good guys (face). Back over at WWE I began to notice the main heel at the time going up the ultimate face, Hulk Hogan, was the Macho Man Randy Savage who had quite the personality himself. Cocky, brash, a bit insane, very entertaining but always able to back it up with his classic finishing move the flying mighty elbow.

Flash forward to now. Yes, sadly to this day I still love and watch wrestling on a regular basis across all brands, WWE/ECW/WCW and TNA. Current favorite wrestlers include Scott Steiner, Triple H, and of course the Nature Boy Ric Flair, who is still wrestling and entertaining at the ripe age of 58.

Now since coming to work at Softlayer I have seen my fair share of entertaining websites and ideas from across the internet as a whole. However, I have yet to find websites that are more entertaining, fun, ridiculous, can provide every day answers and overall explain daily life here at Softlayer than these two. Ladies and gentlemen, I give you the Macho Man and Ric Flair soundboards.